Project

General

Profile

Actions
Copy link

Bug #19289

closed

radosgw/swift emulate split read/write acls?

Added by Marcus Watts about 7 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Marcus Watts
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
jewel kraken
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

With ceph radosgw/swift; setting just the read or write acl clears the other. Unless that behavior is specifically desired, it's currently necessary to set both "-r" and "-w" (on the swift command) at the same time. The swift documentation strongly suggests that is not the case with native swift.

ceph stores just one combined read/write acl, and if either of -r -w was specified, re-initializes this acl before applying the changes. We could emulate swift's behavior more closely by looking to to see if one of -r -w was not specified, and if so, filtering the appropriate bits of the old acl into the new acl.

Related issues 2 (0 open2 closed)

Copied to rgw - Backport #20586: kraken: radosgw/swift emulate split read/write acls?RejectedActions
Copied to rgw - Backport #20587: jewel: radosgw/swift emulate split read/write acls?RejectedMarcus WattsActions
Actions
Copy link
 #1

Updated by Marcus Watts about 7 years ago

  • Subject changed from radosgw to radosgw/swift emulate split read/write acls?
Actions
Copy link
 #2

Updated by Marcus Watts about 7 years ago

I've tried this out with swift (ocata). It definitely allows you to just update -r or -w acls separately.

Actions
Copy link
 #3

Updated by Yehuda Sadeh about 7 years ago

  • Assignee set to Marcus Watts
Actions
Copy link
 #4

Updated by Marcus Watts about 7 years ago

I've created
https://github.com/ceph/ceph/pull/14499
which has a possible fix for this problem.

Actions
Copy link
 #5

Updated by Radoslaw Zarzynski about 7 years ago

  • Status changed from New to Fix Under Review
  • Backport set to kraken
Actions
Copy link
 #6

Updated by Ken Dreyer about 7 years ago

  • Backport changed from kraken to kraken, jewel
Actions
Copy link
 #7

Updated by Matt Benjamin almost 7 years ago

  • Status changed from Fix Under Review to Pending Backport
Actions
Copy link
 #8

Updated by Nathan Cutler almost 7 years ago

  • Copied to Backport #20586: kraken: radosgw/swift emulate split read/write acls? added
Actions
Copy link
 #9

Updated by Nathan Cutler almost 7 years ago

  • Copied to Backport #20587: jewel: radosgw/swift emulate split read/write acls? added
Actions
Copy link
 #10

Updated by Nathan Cutler over 6 years ago

  • Status changed from Pending Backport to Need More Info

Jewel backport is non-trivial: needs 782aaefce763e9c149f43d25d2c6632125df368f to be cherry-picked first.

Actions
Copy link
 #11

Updated by Nathan Cutler about 6 years ago

  • Status changed from Need More Info to Pending Backport
  • Backport changed from kraken, jewel to jewel
Actions
Copy link
 #12

Updated by Nathan Cutler about 6 years ago

  • Backport changed from jewel to jewel kraken

Re-adding rejected kraken backport to appease backport tooling.

Actions
Copy link
 #13

Updated by Nathan Cutler over 4 years ago

  • Status changed from Pending Backport to Resolved
Actions
Copy link

Also available in: Atom PDF